I've made several Steam accounts both before the Steam Guard update and after. None of which had the Steam Guard turned on by default. I've had to enable it myself on each one. So while it's probably meant to be turned on by default, it isn't always for whatever reason.

Actually, it depends on how well people kept up with their account, although hopefully most people did. Steam Guard was only enabled if your email was already verified, which was not required for accounts created before that system came into place. At least, that is how I understood it. My account was automatically enabled, but I know others who weren't.

Hopefully people manage their accounts better, but I honestly wouldn't be suprised if quite a few people just played games and ignore security changes or never noticed it in the updates.

I'm more concerned about what data they may have gotten access to, either by direct attack or by using a hijacked admin's account (although it looks like they were just screwing around). With one hack it can be surprisingly easy to fool people into giving you more.

That said, I hope that if Valve had reason to suspect that the service was further compromised, it wouldn't be online.

I do not know how it happened but I have different logins and passwords for the steam and the forum, so I can sleep safely : P

Will gog.com be the next ?

Looks like Valve has to
*sunglass on*
release some Steam.

Unless Valve paniced and turned the forums off, themselves as soon as they realised that something had been compromised...

i'm sorry for the poor TF2 crap traders and CoD fans . :p

The forums were hacked. They're using vBulletin as a background system for the forums.

This has nothing to do with Steam, as they weren't connected in any way by Valve.

Well if you want to think of it that way then the guy who hacked it clearly was using the opportunity to spam that website (or frame it, whatever). If anyone had the least to gain by turning it off/removing it, it was the hacker.

I wanted to ask : Will the GOG forums be the next ?

It is possible. The connection to the forums isn't secure, only to the login page and myaccount section.

I wonder if GOG connect the forums with the account section. It would be an awesomely terrible idea if the forum backend also stores the account password. Let us hope that is not the case.

But that makes no sense when they can just go into their backend and turn off the database/stick the forum into maintenance mode. There was no need for them to remove the index page and leave it like that for an hour or so.

Ah, but you'll see that they turned off their own forums (the ones linked to) too. If anything, you could say they shat their pants and are panicking and couldn't work out how to delete the redirects they put in thus, deleted the page in the hopes that Valve would just think there was some error.

They've certainly been quick to post around the net that "they didn't do it" and "were framed by another forum", etc.

what?